InfoSec Handlers Diary Blog

On a very slow day, I have had a chance to catch up on some of the trends over the past few months, and something interesting caught my eye: a severe upshot in port 12174 traffic over the past 48 hours has appeared on the radar. I know TCP port 12174 has appeared a few times in the past; I am checking to see if this is an old dog, or an old dog with new tricks. If anybody has any packet captures for this port, please submit them via the Contacts page.

The "Introduction to MAEC White Paper" (Malware Attribute Enumeration and Characterization) has been released.

The paper describes the continuing development of "a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns". The paper includes "discussion of our Conficker characterization and problems/issues we face in the development of MAEC that may be of interest".

If you're interested in participating, even occasionally via list participation, it's appreciated. Contact information is at the MAEC Working Group site.